04/02/2015

Securing Mobile Devices with the Remote Wipe Instruction – Or Not!

by ZixCorp


I’ve just been reading through technical notes that come with a big brand mobility solution. I won’t embarrass them by using their name, however one of their key statements is “If you lose the mobile device, you can use the remote wiping feature to prevent someone from obtaining your personal information from the device.” The notes continue on by giving the instruction sequence to follow to send the remote wipe instruction to the lost or stolen mobility device. Another big brand website is a little more honest about lost or stolen devices: “If your device is offline, the remote erase begins the next time it’s online.” Next time it’s online? Mmmm! What happens if the device never comes back online? This has got me to thinking, what would you be protecting yourself against by wiping your phone anyway? There is the possibility you’ve taken some embarrassing photos and my advice to you would be….don’t! I find the imagination is more fun anyway. However, most opportunist thieves are probably not interested in the data on your device: they just want to wipe the device and sell it, in which case they’ll do the wiping for you. So just who are you trying to protect yourself against when you try to remote wipe your mobile device? Certainly not the opportunist thieves – the vast majority of the thieves who steal five million devices in the US each year. No, you should be worried about a tiny but significant minority of “professionals” who are on the lookout for saleable information, be it bank account or PayPal details, passwords, intellectual property or corporate business data. This tiny but scary profession has the ability to do great damage to individuals and to companies if one of your devices should end up in their hands. You see, while the opportunist thief is not a threat to your data security, the information broker – to whom he may sell the device – is. And if the information broker is smart enough to root or jailbreak your device, or compromise the keychain, then you can bet your bottom dollar that he has sufficient smarts to get his team to protect their stolen devices against your remote wipe instructions. How they do it is very sobering as we remember that most of these devices were not designed for security: they were designed for ease of use. Hence it is fast and simple to activate airplane mode, it is almost as fast to power the device down – and neither of these actions require the entry of a password or thumb print. And even if the manufacturers ever do require a password in the future, there are still Faraday bags that you can order over the Internet, or a square of kitchen foil (see my picture below) ready in the thief’s pocket. Wrap the device in aluminum foil and the remote wipe instruction will never be received, ever. So dear reader, please beware.  Do not be relying on a remote wipe instruction to get you or your company out of trouble. Pick a mobility solution that does not store the important data on the device, the solution that never requires a remote wipe – because there is nothing stored that requires to be wiped. Pick the secure viewer solution – ZixOne.

Posted: 4/2/2015 12:00:00 AM by Global Administrator | with 0 comments
Filed under: BYOD, corporate, data, mobile, protection, Remote, security, Wiping


Recent Posts

10/16/2018

New Email Attack Shows How Hackers Can Hijack a Legitimate Email Thread

by Guest Blogger David Bisson

View Blog Post

10/04/2018

Unified Search Is a Seamless Solution for Increasing Regulatory Burden

by David Wagner

View Blog Post

09/26/2018

What the NIST Small Business Cybersecurity Act Means for You

by David Wagner

View Blog Post